The following firewall changes are recommended to help ensure quality when using Skype4B.
|SIP||TCP: 443, 4443, 5061, 5269|
|Audio/Video||TCP: 443; 50000-65535/UDP: 3478; 50000-65535|
|Web Services||TCP: 80, 443|
|There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other.||Client to Client Application Sharing||TCP: 42000-42039 / UDP:4 2000-42039|
|There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where the file passes directly from one user to the other.||Client to Client File Sharing||TCP: 42040-42079 / UDP: 42040-42079|
|There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other.||Client Media||TCP: 5350-5389 / UDP: 5350-5389|
- It is recommended to also whitelist the domain ct950.com on your network as well as specifying the IP addresses
- Another more flexible approach would be to simply whitelist both the 220.127.116.11/24 and 18.104.22.168/26 networks since we can and will add servers over time to multiple locations.
- If a "Sonic Firewall" or other is being used with "DPI" Deep Packet Inspection, it is recommended to disable this feature for Voice Traffic. All Skype traffic is Encrypted Data traffic and this feature isn't necessary, also it will interfere with Skype/Voice services and cause QOS issues.
- If your router is not configured for the new traffic protocols that Skype for Business (Lync) will introduce to your network, you could experience packet loss, dropped calls and jitter. You must make sure that SIP inspection or SIP ALG (Application level gateway) are disabled on your routers and firewalls to prevent this from happening. You may need to contact your ISP to have this done, but make sure this is completed prior to deployment. These features in routers are intended to block SIP traffic and will interfere with Skype for Business (Lync) communications.